Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Hardware module-based authentication in intra-vehicle networks

a hardware module and intra-vehicle network technology, applied in data switching networks, digital transmission, transportation and packaging, etc., can solve the problem of destroying malicious messages before they are fully received, reduce the overhead of key management, and improve the security of in-car network communications.

Active Publication Date: 2020-06-30
GEORGE MASON UNIVERSITY
View PDF14 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

[0018]The addition of a secure hardware module (the SECU) onto the CAN bus. The hardware module can perform key distribution and message verification, and can destroy malicious messages before they are fully received by ECUs. The module significantly enhances the security of in-car network communications and reduces the overhead of key management. With the SECU, only software updates are required for existing ECUs. They only need to compute MACs, and they do not need to conduct verification. Therefore, delay and computation overhead on message verification are also reduced compared with traditional message authentication protocols.
[0019]6.673 million CAN messages are collected from various cars and entropy and pattern analysis were conducted of the messages. The CAN messages collectively have low entropy, with an average of 11.436 bits. This finding supports CAN message compression, which allows the message size to be significantly reduced to fit the message and its MAC within a single CAN frame, thus enabling fast authentication.
[0021]A new ECU synchronization process was developed to allow more efficient transfer of compression trees.
[0023]Experimental evaluation was conducted using the test bed. Evaluation results show that the invention can achieve real-time message authentication on the CAN bus with minimal latency.

Problems solved by technology

The hardware module can perform key distribution and message verification, and can destroy malicious messages before they are fully received by ECUs.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Hardware module-based authentication in intra-vehicle networks
  • Hardware module-based authentication in intra-vehicle networks
  • Hardware module-based authentication in intra-vehicle networks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040]CAN is a multi-master serial bus standard for connecting ECUs, also known as nodes. All nodes are connected to each other through a two wire bus. ISO-11898-2, also called high speed CAN, is the standard implemented in modern automobiles. Modern automobiles may have as many as 70 ECUs for various subsystems, such as the engine control unit, transmission, airbags, antilock braking system (ABS), cruise control, power steering, audio systems, and so forth. FIG. 1 illustrates the architecture of the high speed CAN which comprises a two wire bus, or CAN bus, 10 terminated at each end by 120Ω resistors. A plurality of ECUs, or nodes, 121 to 12n are connected to the CAN bus 10. The bus standard allows the ECUS to communicate with each other without a host computer. The comminations are a message-based protocol rather than an address based protocol.

[0041]FIG. 2 illustrates a CAN node or ECU. Generally, each ECU 20 comprises a central processor 22, typically a microcontroller, a CAN con...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A secure hardware-based module or Security Electronic Control Unit (SECU) for a Controller Area Network (CAN) prevents an attacker from sending malicious messages through the CAN bus to take over control of a vehicle. The SECU shares a unique key and counter with each ECU on the CAN bus. When a legitimate ECU sends a message, it first compresses the message and then generates a MAC of the counter and a secret key. The counter is increased by one for each transmitted message. The ECU then fits the compressed message and the MAC into one CAN frame and sends it onto the CAN bus. The SECU performs the message verification on behalf of the intended receiver(s) of the message. If the verification passes, the receiver(s) simply decompress the message and use it as a normal CAN message. If the verification fails, the SECU will corrupt the CAN frame before it is fully received by the intended receiver(s). The corrupted CAN frame will be ignored by the intended receiver(s) as if it was never received. Therefore, a malicious message generated by an attacker will inflict no damage on the system.

Description

BACKGROUND OF THE INVENTIONField of the Invention[0001]The present invention generally relates to security systems for Electronic Control Units (ECUs) particularly for use in Controller Area Networks (CANs) as used in vehicle communication systems and, more specifically, the invention is directed to a secure hardware-based module or Security ECU (SECU) for a Controller Area Network (CAN) to prevent an attacker from sending malicious messages through the CAN bus to take over a vehicle.Background Description[0002]The Controller Area Network (CAN) was invented by Bosch GmbH in order to provide reliable, fast communication between ECUs in automotive networks. However, it was not designed for security, and as such remains vulnerable to various attacks from both physical and wireless interfaces. Although the majority of cars are vulnerable to attacks through physical media, such as the On-Board Diagnostics (OBD-II) port, recent developments in automotive technology have made cars increasi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(United States)
IPC IPC(8): H04L29/06H04L9/06H04L9/12H04L9/32H04L12/46H04L29/08H04L12/40H04L9/08H04W4/48
CPCH04L12/40026H04L9/12H04L9/3242H04L63/0876H04L63/123H04L67/125H04L63/0853H04L63/1441H04L9/0643H04L63/062H04L12/4625H04L9/0861H04L67/12H04L63/1466H04L2209/34H04L63/1458H04W4/48H04L2012/40215
Inventor ZENG, KAIWANG, ERICXU, WILLIAMSASTRY, SUHAS
Owner GEORGE MASON UNIVERSITY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com